CVE-2007-0726

The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were based on the original keys.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://docs.info.apple.com/article.html?artnum=305214
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html	Patch Vendor Advisory
http://secunia.com/advisories/24479
http://www.osvdb.org/34850
http://www.securityfocus.com/bid/22948
http://www.securitytracker.com/id?1017756
http://www.us-cert.gov/cas/techalerts/TA07-072A.html	US Government Resource
http://www.vupen.com/english/advisories/2007/0930
https://exchange.xforce.ibmcloud.com/vulnerabilities/32975
http://docs.info.apple.com/article.html?artnum=305214
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html	Patch Vendor Advisory
http://secunia.com/advisories/24479
http://www.osvdb.org/34850
http://www.securityfocus.com/bid/22948
http://www.securitytracker.com/id?1017756
http://www.us-cert.gov/cas/techalerts/TA07-072A.html	US Government Resource
http://www.vupen.com/english/advisories/2007/0930
https://exchange.xforce.ibmcloud.com/vulnerabilities/32975

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:mac_os_x:10.3.9:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.1:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.2:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.3:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.4:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.5:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.6:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.7:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.8:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.3.9:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.1:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.2:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.3:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.4:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.5:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.6:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.7:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.4.8:::::::*

History

21 Nov 2024, 00:26

Type	Values Removed	Values Added
References	~~() http://docs.info.apple.com/article.html?artnum=305214 -~~	() http://docs.info.apple.com/article.html?artnum=305214 -
References	~~() http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html - Patch, Vendor Advisory~~	() http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html - Patch, Vendor Advisory
References	~~() http://secunia.com/advisories/24479 -~~	() http://secunia.com/advisories/24479 -
References	~~() http://www.osvdb.org/34850 -~~	() http://www.osvdb.org/34850 -
References	~~() http://www.securityfocus.com/bid/22948 -~~	() http://www.securityfocus.com/bid/22948 -
References	~~() http://www.securitytracker.com/id?1017756 -~~	() http://www.securitytracker.com/id?1017756 -
References	~~() http://www.us-cert.gov/cas/techalerts/TA07-072A.html - US Government Resource~~	() http://www.us-cert.gov/cas/techalerts/TA07-072A.html - US Government Resource
References	~~() http://www.vupen.com/english/advisories/2007/0930 -~~	() http://www.vupen.com/english/advisories/2007/0930 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/32975 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/32975 -

Information

Published : 2007-03-13 22:19

Updated : 2024-11-21 00:26

NVD link : CVE-2007-0726

Mitre link : CVE-2007-0726

CVE.ORG link : CVE-2007-0726

JSON object : View

Products Affected

apple

mac_os_x
mac_os_x_server

CWE

NVD-CWE-Other

5.0 /10